(54) Strong authentication method using a telecommunications device



(57) There is described a method of obtaining strong authentication for a remote network, by way of the remote network generating a security code and transmitting this code to a user via a separate connection (for example, via a mobile telephone).

This security code is used by the user to gain access to the remote network.
Description

[0001] The present invention relates to a strong authentication method using a telecommunications device, for example, a mobile phone or a pager. Strong authentication requires the use of a security token. Specialised security tokens are provided whenever secure access to a remote network location is required, for example, when accessing a bank account over the internet.

[0002] A security token is conventionally a device by means of which a user can prove their identity to the remote network site which they wish to access. Strong authentication requires the combination of a username, password and a security token, and is used when authentication by means of a username and password alone is not sufficient for security purposes.

[0003] Conventional security token devices are typically specialised devices and are consequently often expensive. In addition, they are normally not familiar to the user community and so are often difficult to use. Furthermore, the tokens may themselves be lost or damaged.

[0004] For users who possess a mobile phone, pager or other data communication means having a visual display, a means to provide strong authentication can be established without the use of a dedicated security token device.

[0005] An authentication process to provide a user with strong authentication, comprising the steps of:-

(i) establishing a connection from a terminal device to a remote network/internet site;

(ii) entering a user password and communicating the user password from the terminal device to the remote site through said connection;

(iii) generating at the remote site, on receipt of the password, an authentication security code;

(iv) establishing a second connection from the remote site to the user, the second connection being separate from said first connection;

(v) transmitting the security code to the user through said second connection;

(vi) entering the security code at the terminal device and transmitting the security code from the terminal device to the remote site through said first connection;

(vii) comparing the security code entered at the terminal device with the security code previously generated by the remote site; and

(viii) providing authentication on correct comparison.

The invention seeks to provide a strong authentication method using a telecommunications device for a user accessing a remote server or host from a terminal by means of a network, the user having a telecommunications device with a display, the strong authentication method comprising:

the user connecting to the server or host;

the server or host requesting login data from the user;

the server or host correlating said login data with data held in a database representing the telephone number of said telecommunications device;

the server or host generating a security PIN and communicating said PIN to said telecommunications device;

the user receiving said PIN from said telecommunications device and entering said PIN into said terminal;

the PIN entered by said user being compared with the PIN generated by said server or host;

wherein if the PIN entered by the user and the PIN generated by said server or host match then the user is allowed access to said remote server or host or to software accessed via said remote server/host.

[0006] Preferably, the PIN entered by the user and the PIN generated by the server or host are compared by software running at the server or host.

[0007] Preferably, the telecommunications device is a mobile phone or pager.

[0008] Preferably, the PIN is generated randomly by means of a suitable software algorithm.

[0009] More preferably, the PIN is generated for single or one-time use.

[0010] Preferably, the PIN is communicated to the telecommunications device by the server or host in the form of a text message.

[0011] Preferably, the server or host is a workstation or internet site.

[0012] The present example will be further illustrated by way of example, with reference to the accompanying drawing in which the single Figure is a diagram illustrating the strong authentication process.

[0013] As illustrated, a user, having a telecommunications device 5 with a display, connects to a remote server/host 3 via a network 2 (for example a LAN, WAN or an internet site) via a suitable terminal-type device 1, for example a PC or workstation. The telecommunications device 5 may, for example, be a mobile telephone or pager, or other portable communications type device which has an access code or PIN known to the user to restrict unauthorised use.

[0014] The remote server/host 3 accessed by the user then executes a software login routine to prompt the user for login data, for example, a username and/or password. The login routine includes a suitable algorithm to correlate the user login data with a telephone number stored in a suitable database and which corresponds to the user's telecommunication device 5. The database may be stored on the server/host itself or may be remotely stored and be accessed by the server/host.

[0015] The remote server/host 3 generates a security PIN number, for example a "one-time use" PIN, by means of a suitable software algorithm such as, for example, may be used to generate random numbers. The security PIN is then sent via the telecommunication network 4 to the telecommunications device 5, for example, as a text message which is displayed on the display of the telecommunications device 5.

[0016] The user is thus notified of the security PIN by the telecommunication device 5. The user enters the security PIN at the terminal 1 and the security PIN data entered by the user is then compared by the server/host 3 with the security PIN generated by the server/host 3. If the two entries match, then the user is authenticated to the remote server/host 3. The security PIN communicated via the telecommunications network to the telecommunication device 5 proves the user's identity. The telecommunications device 5 thus acts as a "security token" to prove the user's identity and authorise the user's access to the remote server/host.
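
The process of paragraphs [0005] and [0013] to [0016], seen from the server/host, as an added example that is not part of the patent text. The PIN length, lifetime and retry limit, the `USERS` record and the `OUTBOX` list standing in for the text-message channel are assumptions; the page specifies none of them.

```python
import hashlib
import hmac
import secrets
import time

PIN_DIGITS = 6         # assumption: the page fixes no PIN length
PIN_TTL = 300          # assumption: PIN lifetime in seconds
MAX_ATTEMPTS = 3       # assumption: wrong entries allowed before the PIN is discarded
SALT = b"constructed-salt"

def pw_hash(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)

# Constructed sample database correlating login data with a telephone number.
USERS = {"alice": {"pw": pw_hash("correct horse"), "phone": "+440000000000"}}
PENDING = {}           # username -> [pin, expiry, attempts_left]
OUTBOX = []            # stand-in for the second connection (text message)

def begin_login(username, password, now=None):
    """Steps (ii)-(v): check the password, generate a PIN, send it out of band."""
    now = time.time() if now is None else now
    user = USERS.get(username)
    if user is None or not hmac.compare_digest(user["pw"], pw_hash(password)):
        return False
    pin = f"{secrets.randbelow(10 ** PIN_DIGITS):0{PIN_DIGITS}d}"  # CSPRNG, not random
    PENDING[username] = [pin, now + PIN_TTL, MAX_ATTEMPTS]
    OUTBOX.append((user["phone"], pin))   # never returned over the first connection
    return True

def finish_login(username, entered_pin, now=None):
    """Steps (vi)-(viii): compare the entered PIN with the generated one."""
    now = time.time() if now is None else now
    entry = PENDING.get(username)
    if entry is None:
        return False
    pin, expiry, attempts = entry
    ok = now <= expiry and hmac.compare_digest(pin.encode(), entered_pin.encode())
    if ok or now > expiry or attempts <= 1:
        del PENDING[username]             # one-time use: gone on success, expiry or lockout
    else:
        entry[2] = attempts - 1
    return ok
```

The PIN is drawn from `secrets` rather than a general-purpose random number generator, and it is deleted on first successful use so that a replayed PIN is rejected.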
[0017] It can thus be seen that the security token provided in accordance with the present invention exhibits many substantial advantages over the prior art devices and permits a user to be identified and their access to a remote server/host authenticated over a network without the requirement for additional security token devices.

[0018] While the above embodiment has been chosen to illustrate the present invention, it will be apparent to those skilled in the art from this disclosure that various changes and modifications can be made herein without departing from the scope of the invention.

Claims 

1. An authentication process to provide a user with strong authentication, comprising the steps of:-

    (i) establishing a connection from a terminal device to a remote network/internet site;

    (ii) entering a user password and communicating the user password from the terminal device to the remote site through said connection;

    (iii) generating at the remote site, on receipt of the password, an authentication security code;

    (iv) establishing a second connection from the remote site to the user, the second connection being separate from said first connection;

    (v) transmitting the security code to the user through said second connection;

    (vi) entering the security code at the terminal device and transmitting the security code from the terminal device to the remote site through said first connection;

    (vii) comparing the security code entered at the terminal device with the security code previously generated by the remote site; and

    (viii) providing authentication on correct comparison.

2. Authentication process which provides a strong authentication using a telecommunications device to permit a user to access a remote server or host from a terminal by means of a network, the user having a telecommunications device with a display, the authentication process comprising the steps of:

    the user connecting to the server or host;

    the server or host requesting login data from the user;

    the server or host correlating said login data with data held in a database representing the telephone number of said telecommunications device;

    the server or host generating a security PIN and communicating said PIN to said telecommunications device;

    the user receiving said PIN from said telecommunications device and entering said PIN into said terminal;

    the PIN entered by said user being compared with the PIN generated by said server or host;

    wherein if the PIN entered by the user and the PIN generated by said server or host match then the user is allowed access to said remote server or host or to software accessed via said remote server/host.

3. Authentication process as claimed in Claim 2, wherein the telecommunications device is a mobile phone or pager.

4. Authentication process as claimed in any preceding claim, wherein the PIN entered by the user and the PIN generated by the server or host are compared by software running at the server or host.

5. Authentication process as claimed in any preceding claim, wherein the PIN is generated randomly by means of a suitable software algorithm.

6. Authentication process as claimed in any preceding claim, wherein the PIN is generated for single or one-time use.

7. Authentication process as claimed in any preceding claim, wherein the PIN is communicated to the telecommunications device by the server or host in the form of a text message.

8. Authentication process as claimed in any preceding claim, wherein the server or host is a workstation or internet site.

9. Authentication process substantially as hereinbefore described with reference to the accompanying figure.